We know that businesses struggle to keep their IT in optimal working condition. While some problems take the skilled hand of an expert to fix properly, many other issues are easier to deal with internally but still go chronically unaddressed. Here are some of those problems, and tips for how to deal with them.
Problem 1 – Inconsistent or Lackluster Email Security
Did you know that 92.4% of all malware is delivered via email? That’s from Verizon’s 2018 Data Breach Investigations Report. Not only is email an effective means for hackers to send you malware, but it’s a successful one too. The same Verizon report found that people in the U.S. open 30% of all phishing emails, with 12% of people even clicking on the link inside the email.
These statistics point to a two-sided problem. Hackers know that email is a great way to get into your company, and employees are still not being cautious enough about their email usage. So, what’s the best way to help secure your email system against compromise?
- Enable Two-Factor Authentication (2FA)
This is the easiest measure to take. Two-factor authentication provides an extra layer of security that goes beyond a simple username and password. It requires that users verify their identity with a code sent to an authorized device (usually a cell phone), which can go a long way to keeping unauthorized users out of business email accounts.
Unfortunately, 2FA adoption remains stubbornly low at businesses, despite the greatly increased security that it provides. One of the reasons holding 2FA back is that there are several different versions available, including SMS/mobile-based solutions, physical keys, app-based models, and others. There are advantages and disadvantages to each of these methods, so pick a 2FA model that meets the specific security and compliance needs of your organization.
- Teach Employees Email Best Practices
According to recent data from Wombat Security, 30% of employees in the U.S. don’t even know what phishing is. That’s a big problem, as your team is the first line of defense against email-delivered cyber threats.
Teach your employees how to defend themselves. Go over the basics, such as poor grammar, incorrect spelling, suspicious email addresses, and other phishing red flags. Company policies against bad habits, like leaving email accounts open when they’re away from their desks, can also be very helpful. You may even want to give your staff the occasional quiz to ensure that they’re aware of the most important threats, and to educate them in a fun and memorable way.
Have you implemented email encryption or malware scanning for your email attachments yet? If not, those are two technical measures you can take to improve email security quickly. You may also want to think about enforcing an email retention policy. Regularly deleting emails is a best practice that’s often a vital part of maintaining regulatory compliance.
Problem 2 – Poor IT Vendor Management
According to this survey from the Tech Republic, 57% of companies say that they’re spending more time managing their IT vendors than just two years ago, driven by growing interest in cloud computing, SaaS, and cybersecurity services. IT vendor management is crucial to helping you deliver positive IT outcomes and control the cost of these services.
Engage company stakeholders and subject matter experts to form a workgroup to manage your vendors. While each vendor management process will differ, you’ll want to centralize all the related information, including contracts and related documents into one data repository. This body of information will help you evaluate your IT vendors to ensure they’re still a good fit for your needs, as well as negotiate future contracts.
From a cybersecurity point of view, you’ll also want to create a security risk profile for each vendor. As the number of vendors your company uses grows, so does the difficulty of maintaining strong security. According to PwC, 74% of companies do not have a complete inventory of the third parties that handle personal employee or customer data, a glaring oversight that your vendor management team should seek to rectify.
Proper IT vendor management is critical to any compliance efforts, meaning that this work must be handled with great care in regulated industries like finance and healthcare. In these cases, you’ll likely need the help of a trusted technology partner.
Problem 3 – Poorly Secured Workstations
Cybersecurity is a big, very important topic, which we’ve written a white paper on. One area of security where we’ve noticed many businesses fall short is in securing their workstations.
On any given day, a workstation may get used by several different employees or teams. Because they often hold valuable data that’s directly related to your productivity, these computers must be held to a higher standard of security than your average PC or mobile device.
- Employ Stronger Passwords
81% of hacking-related data breaches involve a compromised Because passwords are all that separate your workstation data from a malicious outsider (or insider), you’ll want to make sure that all your passwords adhere to the current best practices — which are constantly evolving.
Did you know, for example, that mixing upper-case and lower-case letters is no longer seen as the best way to create a strong password? In fact, the man who came up with that idea in the first place now regrets ever saying it. Instead, combine 3 or 4 unrelated English words and sprinkle a number or two in for good measure. This provides a much stronger foundation for a secure workstation.
- Secure Administrator Accounts and Privileges
Administrator accounts have the ability to move data around your computer network in ways that standard user accounts can’t. This makes them attractive to interlopers, who will do whatever they can, such as social engineering, to gain administrator access.
Start by making sure that all default passwords have been changed and are different on each of your workstations. Using the same password on any two workstations could cause problems by encouraging a successful hacker to move laterally through your network.
While you’re at it, make sure that your admins aren’t using their administrator accounts for their daily work. This is another easy fix, but we see it all the time. Having your administrators use a separate account for non-administrative duties will help ensure that if their regular account gets compromised, the account with the privileged access remains secure.
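The passphrase advice under "Employ Stronger Passwords" can be made concrete. The following is an added example, not part of the original article: it builds a passphrase from randomly chosen words plus digits and compares its entropy with a random mixed-case password. The function names and the short word list are constructed for illustration.

```python
import math
import secrets

# Constructed sample list, for illustration only. A real deployment needs a
# list of several thousand words so that each word adds enough entropy.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "falcon", "garden",
    "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nickel",
    "orchid", "pepper", "quartz", "ribbon", "saddle", "tunnel", "umbrella",
    "velvet", "walnut", "yonder", "zipper", "bridge", "copper", "desert",
    "engine", "forest", "glacier", "hammer",
]


def generate_passphrase(words, n_words=4, n_digits=2, sep="-"):
    """Pick words uniformly at random with a CSPRNG, then append random digits.

    "Unrelated" words only help if a machine picks them: words a person
    chooses are far more predictable than a uniform draw from the list.
    """
    pool = sorted(set(words))
    if n_words < 1 or len(pool) < 2:
        raise ValueError("need at least one word slot and two distinct words")
    parts = [secrets.choice(pool) for _ in range(n_words)]
    if n_digits > 0:
        parts.append("".join(str(secrets.randbelow(10)) for _ in range(n_digits)))
    return sep.join(parts)


def passphrase_entropy_bits(list_size, n_words=4, n_digits=2):
    """Entropy of a passphrase whose words and digits are drawn uniformly."""
    return n_words * math.log2(list_size) + n_digits * math.log2(10)


def random_password_entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
    # Four words from a 7,776-word list plus two digits, versus the best case
    # for an 8-character password of upper- and lower-case letters.
    print("passphrase bits:", round(passphrase_entropy_bits(7776), 1))
    print("8-char mixed-case bits:", round(random_password_entropy_bits(8, 52), 1))
```

The entropy figures only hold when every word and digit is chosen at random; the 32-word sample list here is far too small for real use.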
Do You Need Help Solving an IT Problem?
Are problems with your technology eroding efficiency or morale at your company? We can help! For over twenty years Manhattan Tech Support has been providing reliable, friendly, flat-rate IT support and service to businesses in the greater New York City area. Have a question for our technology experts? Contact us any time at 212-299-7673; we’re happy to be of assistance.